Commit 666e59ad authored by Maxime Besson's avatar Maxime Besson

Fix #1698 by clearing saml request token on unauth issuer flow

Add some unit tests to make sure relevant pdata is cleared after authentication
parent c573ec96
......@@ -110,6 +110,8 @@ sub _redirect {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
delete $req->pdata->{ $self->ipath };
delete $req->pdata->{ $self->ipath . 'Path' };
return $self->run( @_, @path );
}
: ()
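Review bot: The two `delete $req->pdata->{ ... }` lines in `_redirect` (presumably the two lines this hunk adds, going by the 6→8 line count in the header) have no comment of their own; the comment above them describes `restoreRequest`, not the cleanup. The saved issuer request is security-relevant state, and a stale entry left in pdata could be picked up again on a later request, so I would add `# Drop the saved issuer request and its path from pdata so they are not reused after this flow` above them. The key pair `$self->ipath` / `$self->ipath . 'Path'` is spelled out inline. `_redirect` starts and ends outside this hunk, so whether other code stores or clears the same keys is not visible; if it does, a small private helper would keep the two key names in one place.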
......
......@@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 21;
my $maintests = 22;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -131,6 +131,11 @@ SKIP: {
'Post authentication'
);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );
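Review bot: The new assertion `ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' )` passes whenever the substring is absent, which, depending on what `expectCookie( $res, 'lemonldappdata' )` returns, may include an empty or undefined value, so it cannot tell "request was cleared" from "request was never stored". `unlike( $pdata, qr/issuerRequestsaml/, 'SAML request cleared from pdata' );` states the pattern explicitly and prints the cookie value on failure; pairing it with an earlier assertion that the pre-authentication pdata does contain `issuerRequestsaml` would make the negative check meaningful (that part of the test is outside the hunk and may already exist). The same applies to the identical check in the other five test sections on this page, including the two that use `$idpPdata`. `$pdata` is assigned without `my` here, so it relies on a declaration outside the hunk.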
......
......@@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 16;
my $maintests = 17;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -99,6 +99,11 @@ SKIP: {
);
expectOK($res);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $query ) =
expectForm( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse', 'RelayState' );
......
......@@ -113,6 +113,12 @@ ok(
);
count(1);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
count(1);
my ($query) =
expectRedirection( $res, qr#^http://auth.sp.com/\?(ticket=[^&]+)$# );
......
......@@ -11,7 +11,7 @@ BEGIN {
}
eval { unlink 't/userdb.db' };
my $maintests = 22;
my $maintests = 23;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -132,6 +132,10 @@ SKIP: {
expectRedirection( $res, qr#^http://auth.sp.com/\?(ticket=[^&]+)$# );
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
# Back to SP
switch ('sp');
......
......@@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 12;
my $maintests = 13;
my $debug = 'error';
my ( $idp, $proxy, $app, $res );
my %handlerOR = ( idp => [], proxy => [], app => [] );
......@@ -105,7 +105,7 @@ SKIP: {
ok(
$res = $proxy->_get(
"/",
query => "idp=".uri_escape("http://auth.idp.com/saml/metadata"),
query => "idp=" . uri_escape("http://auth.idp.com/saml/metadata"),
accept => 'text/html',
cookie => $proxyPdata,
),
......@@ -156,6 +156,10 @@ SKIP: {
$query =~ s/\+/%2B/g;
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$idpPdata = expectCookie( $res, 'lemonldappdata' );
ok( $idpPdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
# Post SAML response
switch ('proxy');
ok(
......
......@@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 11;
my $maintests = 12;
my $debug = 'error';
my ( $idp, $proxy, $app, $res );
my %handlerOR = ( idp => [], proxy => [], app => [] );
......@@ -141,6 +141,10 @@ SKIP: {
$query =~ s/\+/%2B/g;
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$idpPdata = expectCookie( $res, 'lemonldappdata' );
ok( $idpPdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
# Post SAML response
switch ('proxy');
ok(
......